No problems :) After inspecting the logs, I found the way they were connecting - one of the email addresses had a "
[email protected]" with password of "123456". Spammers were randomly trying to check common email names on every domain on the server: info, contact, admin, test, support, etc...